CISA Launches Open-Source Tool to Detect Microsoft Cloud Hacking

“Known as the ‘Untitled Goose Tool’ and developed along with Sandia, a U.S. Department of Energy national laboratory, the tool can dump telemetry information from Microsoft 365, Microsoft Azure, and Azure Active Directory.”

CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has released a new open-source incident response (OSIR) tool designed to detect signs of unauthorized activity in Microsoft cloud environments.


Known as the ‘Untitled Goose Tool’ and developed along with Sandia, a U.S. Department of Energy national laboratory, the tool can dump telemetry information from Microsoft 365, Microsoft Azure, and Azure Active Directory. 

CISA said, “Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments. Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).”

With CISA's Microsoft cloud interrogation and analysis tool, network defenders and analysts will be able to:

  • Export and review Microsoft Defender for IoT alerts, Azure activity logs, the M365 unified audit log (UAL), AAD sign-in and audit logs, and Microsoft Defender for Endpoint data for suspicious activity.
  • Query, export, and investigate Azure, AAD, and M365 configurations.
  • Extract cloud artifacts from M365, AAD, and Azure environments without running additional analytics.
  • Apply time bounding to UAL collection, so that only the window of interest is pulled.
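As an added example (not part of CISA's Untitled Goose Tool or its documentation), the following Python script shows the kind of review a defender would run over an exported AAD sign-in log: it applies a time bound first, then hunts for a password spray that ends in a successful sign-in. The field names (createdDateTime, userPrincipalName, ipAddress, status.errorCode) are assumed to follow the Microsoft Graph signIn resource, and the records are constructed sample data, not a real export.

```python
"""Time-bounded hunt over an exported AAD sign-in log.

Added example, not part of the Untitled Goose Tool. Assumes the export is a
list of JSON records shaped like the Microsoft Graph signIn resource; the
records below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample export: one IP sprays two accounts, gets into alice's;
# carol mistypes her own password once; one alice record is outside the window.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2023-03-20T01:00:05Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"createdDateTime": "2023-03-20T01:00:07Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"createdDateTime": "2023-03-20T01:00:09Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"createdDateTime": "2023-03-20T01:00:20Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-20T01:00:06Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"createdDateTime": "2023-03-20T01:00:08Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"createdDateTime": "2023-03-20T09:15:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.5", "status": {"errorCode": 50126}},
    {"createdDateTime": "2023-03-20T09:15:30Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.5", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-10T01:00:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
]

# Hunting window used by the demo run below (hypothetical incident window).
HUNT_START = datetime(2023, 3, 19, tzinfo=timezone.utc)
HUNT_END = datetime(2023, 3, 21, tzinfo=timezone.utc)


def parse_time(stamp):
    """Parse the ISO 8601 'Z' timestamps used in the export."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def time_bound(records, start, end):
    """Keep only records whose createdDateTime lies in [start, end]."""
    return [r for r in records if start <= parse_time(r["createdDateTime"]) <= end]


def find_failed_then_success(records, min_failures=3):
    """Flag (user, ip) pairs with >= min_failures failures directly followed by a
    success from the same IP. errorCode 50126 is 'invalid username or password';
    errorCode 0 is a successful sign-in."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["userPrincipalName"], r["ipAddress"])].append(r)
    hits = []
    for (user, ip), events in by_pair.items():
        events.sort(key=lambda r: parse_time(r["createdDateTime"]))
        failures = 0
        for e in events:
            if e["status"]["errorCode"] == 0:
                if failures >= min_failures:
                    hits.append({"user": user, "ip": ip,
                                 "failures_before_success": failures,
                                 "success_at": e["createdDateTime"]})
                failures = 0
            else:
                failures += 1
    return hits


def spraying_ips(records, min_users=2):
    """IPs that produced failures against at least min_users distinct accounts."""
    users_by_ip = defaultdict(set)
    for r in records:
        if r["status"]["errorCode"] != 0:
            users_by_ip[r["ipAddress"]].add(r["userPrincipalName"])
    return sorted(ip for ip, users in users_by_ip.items() if len(users) >= min_users)


def hunt(records, start, end):
    """Time-bound the export, then run both checks over the window."""
    window = time_bound(records, start, end)
    return {"compromise_candidates": find_failed_then_success(window),
            "spray_sources": spraying_ips(window)}


if __name__ == "__main__":
    for name, result in hunt(SAMPLE_SIGNINS, HUNT_START, HUNT_END).items():
        print(name, result)
```

The time bound is applied before any analysis so that stale successes (like the out-of-window alice record) do not pollute the pair history; the thresholds are tunable and deliberately conservative.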

Earlier in March 2023, CISA released another open-source tool, 'Decider', to help defenders generate MITRE ATT&CK mapping reports and fine-tune their security posture against the tactics and techniques adversaries actually use.

Decider followed a "best practices" guide on MITRE ATT&CK mapping that CISA published in January, which stressed the importance of using the standard. CISA also announced that, starting in January 2023, it would notify critical infrastructure entities about Internet-facing systems susceptible to ransomware attacks.

Hackers in Order to Install Frebniis Malware Hacks IIS Feature

“Frebniis, the malware uses a method that injects harmful code into iisfreb.dll’s memory. Iisfreb.dll is a DLL file attached with an IIS feature used for checking unsuccessful web page requests.”

"Frebniis" is a newly identified malware family that targets Microsoft's Internet Information Services (IIS) web server.


Attackers use the malware to stealthily execute commands on the compromised server through ordinary-looking HTTP requests sent over the internet.

Microsoft IIS is a widely deployed web server and application hosting platform for Windows. Among its many uses, it serves critical Microsoft products such as Outlook.

Because IIS is a trusted, long-established platform that gives users easy access to web applications and services, it is a common choice for businesses and individuals alike, which also makes it an attractive target.

Frebniis Corrupts IIS Feature

Frebniis works by injecting malicious code into the memory of iisfreb.dll, the Failed Request Event Buffering (FREB) module behind IIS Failed Request Tracing, a diagnostic feature that records details of failed web requests. The attack depends on that feature being present on the server, so whether it is installed and enabled is worth checking during triage.

Because the FREB module sees every HTTP request IIS processes, Frebniis can stealthily inspect all incoming traffic and watch for requests in a specific format chosen by the attacker; a matching request triggers remote code execution on the server.


To plant the implant, the attacker must first gain access to the Windows host running IIS by some other means. How that initial access was obtained in this case remains unknown.


The injected .NET backdoor supports execution of arbitrary C# code and proxying of traffic, all without writing anything to disk, which makes it hard to detect with file-based scanning. When default[.]aspx or logon[.]aspx is requested, the backdoor checks the request for a specific password before acting.


Frebniis can also communicate with and proxy to other systems through the compromised IIS server: a Base64-encoded string passed as a second HTTP parameter names the destination, letting the attacker reach protected internal systems that are not exposed to the internet.
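As an added example (not code from Symantec's write-up or from the malware), the following Python script turns the behaviour described above into a hunt over IIS W3C logs: it parses the `#Fields:` header, keeps requests to default.aspx or logon.aspx that carry at least two query parameters, and flags those whose second parameter value is valid Base64 that decodes to printable text. The parameter names used by Frebniis are not stated on this page, so the check is positional and assumes nothing about them; the log lines are constructed sample data, and the example assumes the attacker's requests are still written to the W3C log.

```python
"""Heuristic hunt for Frebniis-style trigger requests in IIS W3C logs.

Added example, not from the Frebniis analysis. Parameter names are unknown and
are NOT assumed; the second query parameter is tested positionally. The log
below is constructed sample data (Base64 values generated here so they are
correct), and the example assumes IIS still logged the requests.
"""
import base64
import binascii
from urllib.parse import parse_qsl

# Constructed targets for the sample: an internal web admin page and an RDP host.
_T1 = base64.b64encode(b"http://10.0.0.8:8080/admin/").decode()
_T2 = base64.b64encode(b"10.0.0.9:3389").decode()

# Constructed W3C log with a reduced field set; real logs have more columns.
SAMPLE_LOG = f"""\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-02-15 10:01:02 GET /default.aspx - 198.51.100.20 200
2023-02-15 10:01:05 GET /logon.aspx ReturnUrl=%2fhome 198.51.100.21 200
2023-02-15 10:02:11 POST /default.aspx k=OpenSesame&t={_T1} 203.0.113.7 200
2023-02-15 10:02:40 GET /logon.aspx k=OpenSesame&t={_T2} 203.0.113.7 200
2023-02-15 10:03:01 GET /images/logo.png v=MTIz 198.51.100.22 200
"""

TRIGGER_PAGES = ("/default.aspx", "/logon.aspx")


def parse_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        if fields and len(parts) == len(fields):
            yield dict(zip(fields, parts))


def looks_base64(value, min_len=8):
    """Return the decoded text if value is padded Base64 decoding to printable
    ASCII, otherwise None. Short values are ignored to cut false positives."""
    if len(value) < min_len or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def find_suspicious(log_text):
    """Flag trigger-page requests whose second query parameter is Base64."""
    hits = []
    for rec in parse_w3c(log_text):
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(TRIGGER_PAGES):
            continue
        query = rec["cs-uri-query"]
        if query == "-":                       # IIS logs '-' for an empty query
            continue
        params = parse_qsl(query, keep_blank_values=True)
        if len(params) < 2:
            continue
        # parse_qsl turns a raw '+' into a space, but '+' is a Base64 character.
        second_value = params[1][1].replace(" ", "+")
        decoded = looks_base64(second_value)
        if decoded is None:
            continue
        hits.append({"time": f"{rec['date']} {rec['time']}", "c-ip": rec["c-ip"],
                     "method": rec["cs-method"], "stem": rec["cs-uri-stem"],
                     "first_param": params[0][0], "decoded": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

The decoded second parameter is the interesting artefact: if it resolves to an internal host or URL that the web server has no business contacting, the source IP and the first parameter (the candidate password) become pivots for the rest of the investigation.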